NXP Car Plan Teams NFC, Bluetooth

In fact, Joel Linsky, senior director of technology at Qualcomm, who chairs the Bluetooth SIG Core Specification Working Group, told us that the Bluetooth SIG team is working on a mechanism to "natively support" NIST-compliant algorithms in some BLE radios, including hashing functions and Elliptic Curve Diffie-Hellmann (ECDH) key exchange. However, the SIG group stopped short of promising a release date for the updated spec.

NXP's Reger said: "BLE and NFC are data transmission standards which complement each other. One use case could be that via NFC, keys for secure Bluetooth pairing are transported between devices."

His company is not suggesting NFC to replace BLE. Instead, Reger is proposing NFC for convenient secure transactions of keys, while BLE then offers the data link.

Luca De Ambroggi, principal analyst for automotive semiconductors at IHS Technology, said NXP "wants to bootstrap NFC to offer secure communications for Bluetooth." Whether others in the industry are willing to go along with NXP remains to be seen.

Jimmy Pai, CSR's technical marketing manager, is a skeptic. Using NFC inside a car key poses a big problem, he said, because "power consumption is too high." Similarly, when NFC is turned on in a smartphone, "it drains a lot of battery."

But the real clincher is the issue of practicality. "In order to open a car door with an NFC key, you need to bring it so close to the car door," he said. What's the point of using wireless technology if it's a few inches away from just sticking the key in the door?

"Touch" and "activate" Of course, NXP's proposal isn't about replacing the whole BLE with NFC, but leveraging NFC for the initial key exchange and pairing of Bluetooth devices. Pai isn't thrilled with that idea, either. "If you can have a secure element in NFC, BLE can also have its own secure element."

NXP sees value in leveraging the trusted relationship it has cultivated with car OEMs over the last 15 years by enabling secure keyless car entry systems. Recently, Reger said, that relationship with Tier 1s and carmakers expanded to bringing "touch and activate" features beyond car keys to the center stack inside a car through the combined use of BLE and NFC. Such collaborative work is two years in the making.

To enable hands-free calls inside a rental car with your smartphone, for example, you need to pair the smartphone with the in-vehicle system. With an NFC-enabled smartphone, all you need to do is wave the device at the center stack. Instead of putting in 1,000 keys manually, "NFC does the job," Reger said. The same goes for pairing a smartphone (or tablet) with the in-vehicle GPS system. An NFC-enabled device can also let the rental car find your favorite music or radio stations. It can also pair a mobile device with a rear-seat display screen.

Reger acknowledged that NFC's short range (10 cm or less) was once considered a weakness. But the need for close distance has given NFC new advantages: system security and an intuitive touch. Reger said, "You just need to hold it [the NFC-embedded device] against a center stack."

When you wave the mobile device (or the car key), the car must be able to figure out that it is your car key, not a fake device, Reger said. The validation of a device's identity is critical, and the two devices (an ECU and a car key, for example) need to authenticate each other.

NXP does not offer consumer BLE chips, but it develops specific BLE chips demanded by healthcare-related devices such as hearing aids.

As for the automotive market, NXP's Reger expects the launch of NFC and BLE combined solutions within the next one to two years. From NXP's standpoint, this isn't just about the choice of wireless technologies for cars. "Our focus is how we can make things secure for various connections, whether it's a car key, car radio, or car-to-car communication," Reger said.

@junko: secure pairing and then data linking could do well enough with current generation of cars, but OEMs are looking at a long time solution, a solution that won't be much modified for at least half a decade. It is true that BLE's security is getting increasingly weaker with time, and a day won't be far when bypassing BLE data linking would be a piece of cake.

@wcmoore: But automated cars would be zooming out of vision pretty soon, and they would be connected to a cloud using a dashboard interface. So even if your car doesn't support peer-to-peer communication, even then it is at risk of being hacked, since a cloud can go down anytime and systems may be breached.

This system of encrypted key acknowledgement may be a very good solution to expensive anti-theft systems. Not just that, in the event of a car window smash, the car would only start if the VR system of the car (since we are readily talking about IOT) recognises the voice of the driver of the car. If a car is stolen via other means (like we see in Gone in Sixty Seconds) then the car should have a basic security that wouldn't let any unknown entity inside the car start it even by using chords and cables under the dashboard.

I do not want a vehicle with the ability to communicate with another vehicle. It will be a Hacker's wet dream coming true. Given the number of hackers available and their propensity to collaborate on complex issues it will only be a matter of months if not weeks before the whole house of cards is compromised. Do you really want to see what hackers can conjure up for a doomsday exploit on automobiles?